Keyhive

Keyhive is a project aimed at adding access control to local-first applications. It provides a firm basis for secure collaboration, similar to the guarantees of private group messaging but extended to other kinds of collaborative application.

We needed a network-agnostic way to grant and revoke the ability to synchronize, read, write, or administer some local-first data. Such a system needs to respect the same concurrency and offline capabilities as any other local-first application. To this end, we developed a capability model tuned to work well with local-first data such as Automerge documents and Git repositories, which we call “convergent capabilities”.

To achieve the data security properties we are interested in (such as post-compromise security), Keyhive generates quite a few encryption keys. Distributing those keys to the members of a group concurrently and efficiently is a challenge. TreeKEM, the group key agreement used by MLS, assumes a single source of truth that puts all key updates in one sequence. Taking inspiration from its tree design, we developed BeeKEM, a concurrency-friendly continuous group key agreement (CGKA) mechanism that can be updated concurrently with arbitrary divergence between replicas.
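The following is an added toy illustration of the TreeKEM idea that BeeKEM builds on; it is not Keyhive or BeeKEM code. Members sit at the leaves of a binary ratchet tree, a member's key update re-derives only the secrets on its direct path to the root (log2(n) nodes rather than n pairwise keys), and the root secret seeds the group key. The model is deliberately simplified: real TreeKEM encrypts each fresh path secret to the public keys of the sibling subtrees so the other members can recover it, and that HPKE step is omitted here. The `demo_order_dependence` function shows the problem a sequencing server normally hides: two members updating from the same tree state, applied in different orders on two replicas, leave the replicas with different group keys. All sample secrets are constructed inputs.

```python
"""Toy TreeKEM-style ratchet tree (illustration only, not Keyhive/BeeKEM code)."""
from __future__ import annotations

import copy
import hashlib
import math


def kdf(label: str, secret: bytes) -> bytes:
    """Domain-separated derivation step; SHA-256 stands in for MLS's labelled HKDF."""
    return hashlib.sha256(label.encode("ascii") + b"\x00" + secret).digest()


class ToyTreeKEM:
    """Complete binary ratchet tree over n_leaves members (n_leaves a power of two).

    Heap layout: node 0 is the root, the children of node i are 2i+1 and 2i+2,
    and the leaves occupy indices n_leaves-1 .. 2*n_leaves-2.
    Each node holds a single secret; the root secret seeds the group key.
    Encryption of path secrets to the copath (the HPKE part of TreeKEM) is omitted.
    """

    def __init__(self, n_leaves: int) -> None:
        if n_leaves < 2 or n_leaves & (n_leaves - 1):
            raise ValueError("n_leaves must be a power of two >= 2")
        self.n_leaves = n_leaves
        self.secrets = [None] * (2 * n_leaves - 1)  # one Optional[bytes] per node

    def leaf_index(self, member: int) -> int:
        return self.n_leaves - 1 + member

    def update(self, member: int, leaf_secret: bytes) -> list[int]:
        """Member rotates its leaf secret and re-derives its direct path to the root.

        Returns the node indices that received a new secret, leaf first, root last.
        """
        node = self.leaf_index(member)
        path_secret = leaf_secret
        self.secrets[node] = kdf("node", path_secret)
        touched = [node]
        while node != 0:
            node = (node - 1) // 2  # parent in heap layout
            path_secret = kdf("path", path_secret)  # ratchet the path secret upward
            self.secrets[node] = kdf("node", path_secret)
            touched.append(node)
        return touched

    def group_key(self) -> bytes:
        if self.secrets[0] is None:
            raise RuntimeError("no update has been applied yet")
        return kdf("group", self.secrets[0])

    def copy(self) -> ToyTreeKEM:
        return copy.deepcopy(self)


def nodes_rekeyed_per_update(n_leaves: int) -> int:
    """TreeKEM cost of one update: the leaf plus log2(n) ancestors, not n pairwise keys."""
    return int(math.log2(n_leaves)) + 1


def demo_order_dependence(n_leaves: int = 8) -> tuple[bool, bytes, bytes]:
    """Two members update concurrently from the same tree state.

    Replica A applies member 1 then member 7; replica B applies member 7 then
    member 1.  Without a single source of truth fixing the order, the replicas
    end up with different group keys.  Returns (keys_diverged, key_a, key_b).
    """
    base = ToyTreeKEM(n_leaves)
    base.update(0, b"constructed initial secret for member 0")  # constructed sample
    replica_a, replica_b = base.copy(), base.copy()
    s1 = b"constructed update from member 1"  # constructed sample
    s7 = b"constructed update from member 7"  # constructed sample
    replica_a.update(1, s1)
    replica_a.update(7, s7)
    replica_b.update(7, s7)
    replica_b.update(1, s1)
    key_a, key_b = replica_a.group_key(), replica_b.group_key()
    return key_a != key_b, key_a, key_b


if __name__ == "__main__":
    tree = ToyTreeKEM(8)
    print("nodes rekeyed by one update:", len(tree.update(0, b"constructed seed")))
    diverged, _, _ = demo_order_dependence()
    print("replicas diverged after concurrent updates:", diverged)
```

In a real TreeKEM group the second of two concurrent updates would not even decrypt, because its path secrets were encrypted to public keys the first update already replaced; either way, members who applied the updates in different orders no longer share a key, which is why MLS requires a delivery service to serialize commits and why a local-first setting needs a CGKA that tolerates this divergence instead.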

We also co-designed the next version of Automerge’s sync protocol, called “Beelay”, together with Keyhive. Beelay can synchronize end-to-end encrypted payloads that the sync server cannot decrypt, and it adds defense in depth by only syncing with replicas that have been granted access in Keyhive.

You can read more about Keyhive and Beelay in our notes.